CVE-2017-0913 — MEDIUM (4.7)

Q: How severe is CVE-2017-0913?

CVE-2017-0913 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-0913?

Check the references section above for vendor advisories and patch information. Affected products include: Ubnt Ucrm.

Vulnerability Description

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization".

CVSS Score

4.7

MEDIUM

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ubnt	Ucrm	>= 2.3.0, <= 2.7.7

Related Weaknesses (CWE)

CWE-732

References

https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-bVendor Advisory
https://hackerone.com/reports/301406Third Party Advisory
https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-bVendor Advisory
https://hackerone.com/reports/301406Third Party Advisory

FAQ

What is CVE-2017-0913?

CVE-2017-0913 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Succe...

How severe is CVE-2017-0913?

CVE-2017-0913 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-0913?

Check the references section above for vendor advisories and patch information. Affected products include: Ubnt Ucrm.